10 matches found
CVE-2025-3902
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Class allows Cross-Site Scripting XSS.This issue affects Block Class: from 4.0.0 before 4.0.1...
CVE-2025-3902
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Class allows Cross-Site Scripting XSS.This issue affects Block Class: from 4.0.0 before 4.0.1...
CVE-2025-3902 Block Class - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-043
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Class allows Cross-Site Scripting XSS.This issue affects Block Class: from 4.0.0 before 4.0.1...
CVE-2025-3902 Block Class - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-043
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Class allows Cross-Site Scripting XSS.This issue affects Block Class: from 4.0.0 before 4.0.1...
CVE-2025-3902
Summary: CVE-2025-3902 is an XSS vulnerability in the Drupal Block Class module. The issue affects versions 4.0.0 up to (but not including) 4.0.1, caused by improper input neutralization during web page generation. Impact (as described): Cross-Site Scripting allowing injected JavaScript when a us...
Drupal Block Class 安全漏洞
Drupal Block Class is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Block Class versions prior to 4.0.1 that stems from improper input neutralization and could lead to a cross-site scripting attack...
PT-2025-17658 · Drupal · Drupal Block Class
Name of the Vulnerable Software and Affected Versions: Drupal Block Class versions 4.0.0 through 4.0.0 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, in the Drupal Block Class. This allows for Cross-Site...
CVE-2016-3144
Cross-site scripting XSS vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name...
CVE-2016-3144
Cross-site scripting XSS vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name...
Drupal Block Class Module HTML Injection Vulnerability
Drupal is the Drupal community maintained by a set of free, open source content management system developed in PHP. Block Class is one of the administrator through the Block configuration interface to add CSS to any Block module . An HTML injection vulnerability exists in Drupal Block Class modul...